Posted by Dan Tappin on 03/02/05 17:31

The best way is to not store the password at all.

Store a hash of the password like this:

INSERT INTO users SET pass = MD5('password');

Now not knowing how you authenticate those passwords this might not
work.

If it's an internal web page via PHP all you do is MD5 the users
supplied password and compare to you DB.

Dan Tappin (The other Dan T)

On Mar 1, 2005, at 5:09 PM, Rob Tanner wrote:

> WE have a number of PHP webpages that access one of several MySql
> databases
> and while the PHP files that contain the passwords cannot be accessed
> via the
> web, we are becoming increasingly concerned over the possibility of
> other
> webpage maintainers viewing those files. How have other folks
> protected
> database passwords needed by PHP apps?
>
> Thanks.

• Next in thread: Re: [PHP] How can I secure database passwords used by PHP webpages
• Prev in thread: Re: [PHP] How can I secure database passwords used by PHP webpages
• Next in forum: Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements
• Prev in forum: Mistaken Identity - Was: Anti-password trading/sharing solutions
• Thread view: How can I secure database passwords used by PHP webpages

[Reply to this message]